At a Glance
- Tasks: Safeguard clients from cyber threats and enhance security measures.
- Company: Join Kocho, a tech company focused on enabling clients to achieve their goals.
- Benefits: Flexible remote work, competitive salary, and opportunities for professional growth.
- Why this job: Make a real impact in cybersecurity while working with cutting-edge technology.
- Qualifications: Degree in Cyber Security or related field; experience in Security Engineering.
- Other info: Dynamic team environment with a focus on collaboration and continuous improvement.
The predicted salary is between £36,000 and £60,000 per year.
This role is Cardiff based. We are Kocho. Kocho recognises that technology on its own does not deliver change, and offers technology adoption services alongside excellent technical consulting to enable our clients to achieve their business goals on their journey to Become Greater.
Our head office is in the heart of London's West End and provides a comfortable working environment with flexible collaboration spaces that encourage our people to Become Greater with the aim to Do What's Right. We now have offices in Cardiff and Cape Town which follow the style of our London space.
Kocho is an equal opportunities employer. We make recruitment decisions based on qualifications, skill set and experiences. We consider all suitable candidates regardless of their age, sex, gender reassignment, race, religious beliefs, or lack thereof, marital status, disability or sexual orientation or any other protected characteristic. This mindset aligns with our company values as we understand that we are Better Together.
The role: As a Security Engineer, you will play a critical role in safeguarding our organisation, clients, and partners from cyber threats. You will apply your experience in Security Engineering or as a Senior Security Analyst to design, implement, and optimise security measures that protect systems, networks, and data from unauthorised access, attacks, and breaches. Working closely within the Security Operations team and directly with clients, you will ensure that security controls remain effective, aligned to best practice, and continuously improved.
This role is primarily remote but you may be asked to come into Cardiff at your manager's discretion; we would expect a successful candidate to always attend when required. We anticipate this to be a couple of times a month.
In this role, you will deliver hands-on expertise across the Microsoft Security Stack, particularly Microsoft Defender XDR and Microsoft Sentinel. You will build, maintain, and enhance detection capabilities by deploying KQL analytical rules, developing Content Hub solutions, and tuning threat policies to ensure strong protection and high-quality signal. Your responsibilities will include managing phishing simulation campaigns, leading vulnerability scans, and producing accurate, well-structured reports with clear, actionable recommendations.
You will regularly engage with clients, presenting findings and guiding them through remediation activities alongside a Cyber Security Project Manager. You will also provide Incident Response support by handling escalations from the triage team, performing advanced investigations, and contributing to playbook automation using Azure Logic Apps to streamline processes and improve response consistency. Your Incident Response involvement is from an escalation standpoint only, and you are not expected to be regularly involved in analyst-related activities.
Additionally, you will audit and uplift client environments across the Microsoft 365 Security Suite, focusing on areas such as Secure Score improvements, Device Tagging, Defender policy management, Exchange configuration hardening, and other lifecycle-related security tasks. Where applicable, you may also leverage scripting or automation skills (e.g., Python, Bicep, ARM, JSON, YAML) and contribute to Logic Apps, Azure Functions, or codeless playbooks to further enhance operational efficiencies.
This is what we need from you:
- A degree in Computer Science, Cyber Security or a related field, or equivalent and demonstrable experience
- Extensive experience in Security Engineering or Senior Security Analysis
- Strong knowledge of security protocols and industry standards
- Experience with vulnerability testing and risk analysis
- SME in Microsoft Defender XDR
- Strong proven knowledge of KQL & Advanced Hunting
- Experience using common vulnerability scanning tools and interpreting their results
- Strong client-facing skills, including the ability to translate technical findings into clear, actionable recommendations.
You will regularly prepare well-structured reports, present security insights to both technical and non-technical stakeholders, and provide guidance that helps clients strengthen their security posture.
Would be great if you have:
- Proficiency in certain languages, standards and assemblies/tools such as Python, Bicep, ARM, JSON, YAML
- Familiarity with Jinja2, Codeless Playbooks, Azure Functions, Azure Logic Apps
- Professional certifications such as AZ-500, SC-100, SC-200, CISSP, CEH, CySA+
- GitHub Portfolio of solutions you've built.
Security Engineer- Cardiff employer: Kocho
Contact Detail:
Kocho Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Security Engineer- Cardiff
✨Tip Number 1
Network like a pro! Attend industry meetups, webinars, or local tech events in Cardiff. It's a great way to connect with potential employers and other professionals in the field. Plus, you never know who might have a lead on your dream job!
✨Tip Number 2
Show off your skills! Create a GitHub portfolio showcasing your projects, especially those related to security engineering. This gives you a chance to demonstrate your expertise and passion for the field, making you stand out to hiring managers.
✨Tip Number 3
Prepare for interviews by brushing up on common security scenarios and best practices. Practice explaining complex concepts in simple terms, as you'll need to communicate effectively with both technical and non-technical stakeholders.
✨Tip Number 4
Don't forget to apply through our website! We love seeing candidates who are genuinely interested in joining Kocho. Tailor your application to highlight how your skills align with our mission to help clients Become Greater.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the Security Engineer role. Highlight your experience with Microsoft Defender XDR and KQL, as well as any relevant projects or achievements that showcase your skills in security engineering.
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about cybersecurity and how your background aligns with Kocho's mission to help clients Become Greater. Keep it concise but impactful!
Showcase Your Technical Skills: Don’t forget to mention your technical skills, especially those related to vulnerability testing and risk analysis. If you have experience with scripting or automation tools like Python or Azure Logic Apps, make sure to include that too!
Apply Through Our Website: We encourage you to apply through our website for a smoother application process. It helps us keep track of your application and ensures you don’t miss out on any important updates from us!
How to prepare for a job interview at Kocho
✨Know Your Stuff
Make sure you brush up on your knowledge of security protocols and the Microsoft Security Stack, especially Microsoft Defender XDR. Be ready to discuss your experience with KQL and how you've used it in past roles. This will show that you're not just familiar with the tools but can also apply them effectively.
✨Showcase Your Client Skills
Since this role involves a lot of client interaction, prepare examples of how you've communicated technical findings to non-technical stakeholders. Think about times when you’ve had to translate complex security issues into actionable recommendations. This will demonstrate your ability to engage with clients effectively.
✨Prepare for Scenario Questions
Expect questions that put you in real-world scenarios, like handling a security breach or conducting a vulnerability scan. Practice articulating your thought process and the steps you would take to resolve these issues. This will help interviewers see your problem-solving skills in action.
✨Bring Your Portfolio
If you have a GitHub portfolio or any projects showcasing your scripting or automation skills, bring it along! Discussing your work with Python, Bicep, or Azure Logic Apps can set you apart from other candidates and show your hands-on experience.